|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Codewalkers Forums Sponsor:
|
|
|
|
#1
August 18th, 2005, 04:49 PM
|
|||
|
|||
|
how do you choose an encryption algorithm
I'm starting to work with mcrypt to encrypt and decrypt data for storage in a MySQL db and I'm faced with a rather lengthy list of encryption algorithms (DES, 3DES, BLOWFISH,etc ad nauseum). I've done some preliminary googeling of the different alogrithms, but frankly the math involved is so far over my head I can't see any functional differences between them. I've been using Blowfish simply because it sounds cool.
I'm wondering what criteria y'all use to judge which algorithm to use and if there is any consensus on a current 'best practice' algorithm. Also, if you have any tips on working with encrypted data in MySQL, I'd sure appreciate it. Thanks, Ursus
|
|
#2
August 18th, 2005, 11:10 PM
|
||||
|
||||
|
RE: how do you choose an encryption algorithm
Personally - unless it is absolutely critical that I use some ungodly strong encryption - I just use SHA1 or a simple MD5 hash.
I tend to worry more about the security protocols involved for the whole project (XXS, form spoofing, transfer security, access security for server and DB)- then what encryption method is used by my DB to save data. After all they have to get through the rest of it to even attempt to crack the ecryption the data is in. But that's me.
|
|
#3
August 19th, 2005, 01:53 PM
|
|||
|
|||
|
RE: how do you choose an encryption algorithm
Lig-
I agree with you that if you control all the sources of access to the data, then the encryption strength of the data becomes less important. Nonetheless, with the type of data I'm storing I feel it necessary to be able to show that I've done due diligence to protect the data in the event the db is accessed. Also, while hashing would be easier, in order for the info to be usable (we're storing stuff like ftp passwords that need to be submitted in plain text), I need to be able to decrypt it. Also, in case you didn't see it, there's a faster method of breaking SHA-1 (http://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html) Ursus
|
|
#4
August 20th, 2005, 10:33 AM
|
||||
|
||||
|
RE: how do you choose an encryption algorithm
Quote:
Yeah - I know. But for the majority of user's it isn't relevant since the numbers involved in the "faster" crack are still so high. 2^63 is still an extremely high number (though it is lower then 2^80 - for the original brute force). And just out of curiousity - did you consider just using MySQL's built in encryption methods? Quote:
Reference - http://dev.mysql.com/doc/mysql/en/encryption-functions.html
|
|
#5
August 20th, 2005, 12:46 PM
|
|||
|
|||
|
RE: how do you choose an encryption algorithm
Lig-
Thanks for the mysql link. To be honest I hadn't even considered that mysql might have built in encryption capabilities. This could really make life easier.
|
|
| Viewing: Codewalkers Forums > Other Technologies > Programming Theory > how do you choose an encryption algorithm |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
